WP-Safety

BA Book Everything Security & Risk Analysis

wordpress.org/plugins/ba-book-everything

The really fast and powerful Booking engine for theme/site developers to create any booking or rental sites (tours, cars, events, apartments, yachts)

10K active installs v1.8.20 PHP 8.1+ WP 6.0+ Updated Feb 5, 2026
bookingpropertiesrentaltoursyachts
86
A · Safe
CVEs total9
Unpatched0
Last CVEJan 8, 2026
Plugin page Download
Safety Verdict

Is BA Book Everything Safe to Use in 2026?

Generally Safe

Score 86/100

BA Book Everything has a strong security track record. Known vulnerabilities have been patched promptly.

9 known CVEsLast CVE: Jan 8, 2026Updated 1mo ago
Risk Assessment

The "ba-book-everything" v1.8.20 plugin exhibits a mixed security posture. On the positive side, the static analysis reveals no unprotected entry points (AJAX handlers, REST API routes, shortcodes, cron events). Furthermore, a significant portion of SQL queries utilize prepared statements (58%), and there are a substantial number of nonce and capability checks present, indicating some good security practices are in place. However, several concerning signals emerge. The presence of unsanitized paths in taint analysis, even if not rated critical, is a red flag that could lead to path traversal or information disclosure vulnerabilities. The relatively low percentage of properly escaped output (67%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the historical pattern of XSS in previous vulnerabilities. The plugin also bundles the Select2 library, which, if outdated, could introduce known vulnerabilities.

The vulnerability history is a significant concern. With a total of 9 known CVEs, including a past critical and high severity vulnerability, the plugin has a history of severe security flaws. The common vulnerability types listed (Missing Authorization, XSS, SQL Injection, CSRF) align with the potential risks identified in the static analysis, particularly regarding output escaping and the presence of unsanitized paths. The fact that the last known vulnerability was in the future (2026-01-08) is likely an error in the provided data, but it still signifies ongoing security issues being discovered and patched, or that the plugin has a history of being targeted. While there are currently no unpatched CVEs, the plugin's past indicates a propensity for exploitable vulnerabilities. Therefore, while the current version shows some improvements, the historical record and certain code signals warrant caution.

Key Concerns

  • High number of known CVEs historically
  • Past critical severity vulnerability
  • Past high severity vulnerability
  • Unsanitized paths in taint analysis
  • Low output escaping percentage
  • Bundled library (Select2)
Vulnerabilities
9

BA Book Everything Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
6 CVEs in 2024
2024
1 CVE in 2025
2025
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Critical
1
High
1
Medium
7

9 total CVEs

CVE-2026-24371medium · 4.3Missing Authorization

BA Book Everything <= 1.8.16 - Missing Authorization

Jan 8, 2026 Patched in 1.8.17 (27d)
CVE-2025-14449medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode

Dec 18, 2025 Patched in 1.8.15 (1d)
CVE-2024-47360medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BA Book Everything <= 1.6.20 - Reflected Cross-Site Scripting

Sep 30, 2024 Patched in 1.6.21 (11d)
CVE-2024-8794medium · 5.3Unverified Password Change

BA Book Everything <= 1.6.20 - Unauthenticated Arbitrary User Password Reset

Sep 23, 2024 Patched in 1.6.21 (1d)
CVE-2024-8795high · 8.8Cross-Site Request Forgery (CSRF)

BA Book Everything <= 1.6.20 - Cross-Site Request Forgery to Email Address Update/Account Takeover

Sep 23, 2024 Patched in 1.6.21 (1d)
CVE-2024-32598medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BA Book Everything <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

Apr 16, 2024 Patched in 1.6.9 (8d)
CVE-2024-3672medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BA Book Everything <= 1.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Apr 15, 2024 Patched in 1.6.9 (9d)
CVE-2024-32125critical · 9.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

BA Book Everything <= 1.6.4 - Authenticated (Contributor+) SQL Injection

Apr 12, 2024 Patched in 1.6.5 (7d)
WF-37f47ce1-0657-414d-a491-99f2722a44f5-ba-book-everythingmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BA Book Everything Plugin < 1.3.25 - Cross-Site Scripting and Cross-Frame Scripting

Sep 30, 2020 Patched in 1.3.25 (1210d)
Code Analysis
Analyzed Mar 16, 2026

BA Book Everything Code Analysis

Dangerous Functions
0
Raw SQL Queries
60
83 prepared
Unescaped Output
306
615 escaped
Nonce Checks
40
Capability Checks
19
File Operations
1
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

58% prepared143 total queries

Output Escaping

67% escaped921 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

25 flows5 with unsanitized paths
restrict_manage_posts (includes\class-babe-order-admin.php:73)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

BA Book Everything Attack Surface

Entry Points72
Unprotected0

AJAX Handlers 48

authwp_ajax_del_ruleincludes\class-babe-booking-rules-admin.php:25
authwp_ajax_save_scheduleincludes\class-babe-cmb2-admin.php:56
authwp_ajax_generate_coupon_numberincludes\class-babe-cmb2-admin.php:57
authwp_ajax_add_category_exclude_datesincludes\class-babe-cmb2-admin.php:70
authwp_ajax_delete_category_exclude_datesincludes\class-babe-cmb2-admin.php:71
authwp_ajax_recalculate_ratingincludes\class-babe-cmb2-admin.php:72
authwp_ajax_get_meeting_pointsincludes\class-babe-html.php:54
noprivwp_ajax_get_meeting_pointsincludes\class-babe-html.php:55
authwp_ajax_get_times_guestsincludes\class-babe-html.php:57
noprivwp_ajax_get_times_guestsincludes\class-babe-html.php:58
authwp_ajax_get_servicesincludes\class-babe-html.php:60
noprivwp_ajax_get_servicesincludes\class-babe-html.php:61
authwp_ajax_get_booking_timesincludes\class-babe-html.php:63
noprivwp_ajax_get_booking_timesincludes\class-babe-html.php:64
authwp_ajax_booking_calculateincludes\class-babe-html.php:66
noprivwp_ajax_booking_calculateincludes\class-babe-html.php:67
authwp_ajax_apply_coupon_to_orderincludes\class-babe-html.php:70
noprivwp_ajax_apply_coupon_to_orderincludes\class-babe-html.php:71
authwp_ajax_remove_coupon_from_orderincludes\class-babe-html.php:72
noprivwp_ajax_remove_coupon_from_orderincludes\class-babe-html.php:73
authwp_ajax_checkout_payment_method_changedincludes\class-babe-html.php:76
noprivwp_ajax_checkout_payment_method_changedincludes\class-babe-html.php:77
authwp_ajax_order_request_paymentincludes\class-babe-order-admin.php:33
authwp_ajax_request_bookingincludes\class-babe-order.php:71
noprivwp_ajax_request_bookingincludes\class-babe-order.php:72
authwp_ajax_get_price_details_formincludes\class-babe-prices.php:36
authwp_ajax_get_price_details_blockincludes\class-babe-prices.php:37
authwp_ajax_save_rateincludes\class-babe-prices.php:38
authwp_ajax_delete_rateincludes\class-babe-prices.php:39
authwp_ajax_check_base_rateincludes\class-babe-prices.php:40
authwp_ajax_rates_reorderincludes\class-babe-prices.php:41
authwp_ajax_search_form_add_tabincludes\class-babe-search-form-admin.php:27
authwp_ajax_search_form_tabs_reorderincludes\class-babe-search-form-admin.php:29
authwp_ajax_search_form_delete_tabincludes\class-babe-search-form-admin.php:31
authwp_ajax_search_form_update_fieldsincludes\class-babe-search-form-admin.php:33
authwp_ajax_setup_demo_contentincludes\class-babe-settings-admin.php:28
authwp_ajax_babe_listing_filteredincludes\class-babe-shortcodes.php:74
noprivwp_ajax_babe_listing_filteredincludes\class-babe-shortcodes.php:75
authwp_ajax_babe_listing_update_filtersincludes\class-babe-shortcodes.php:77
noprivwp_ajax_babe_listing_update_filtersincludes\class-babe-shortcodes.php:78
authwp_ajax_check_free_usernameincludes\class-babe-users.php:35
noprivwp_ajax_check_free_usernameincludes\class-babe-users.php:36
authwp_ajax_check_free_username_emailincludes\class-babe-users.php:38
noprivwp_ajax_check_free_username_emailincludes\class-babe-users.php:39
authwp_ajax_check_free_emailincludes\class-babe-users.php:41
noprivwp_ajax_check_free_emailincludes\class-babe-users.php:42
authwp_ajax_cmb2_oembed_handlerincludes\plugins\cmb2\includes\CMB2_Ajax.php:51
noprivwp_ajax_cmb2_oembed_handlerincludes\plugins\cmb2\includes\CMB2_Ajax.php:52

Shortcodes 24

[all-items] includes\class-babe-shortcodes.php:26
[babe-listing] includes\class-babe-shortcodes.php:27
[babe-search-form] includes\class-babe-shortcodes.php:29
[babe-booking-form] includes\class-babe-shortcodes.php:31
[babe-item-stars] includes\class-babe-shortcodes.php:33
[babe-item-address-map] includes\class-babe-shortcodes.php:35
[babe-item-meeting-points] includes\class-babe-shortcodes.php:37
[babe-item-calendar] includes\class-babe-shortcodes.php:39
[babe-item-slideshow] includes\class-babe-shortcodes.php:41
[babe-item-faqs] includes\class-babe-shortcodes.php:43
[babe-item-steps] includes\class-babe-shortcodes.php:45
[babe-item-custom-section] includes\class-babe-shortcodes.php:47
[babe-item-price-from] includes\class-babe-shortcodes.php:49
[babe-item-related] includes\class-babe-shortcodes.php:51
[babe-order-customer-name] includes\class-babe-shortcodes.php:54
[babe-order-customer-details] includes\class-babe-shortcodes.php:56
[babe-order-items] includes\class-babe-shortcodes.php:58
[babe-order-amount-to-pay] includes\class-babe-shortcodes.php:60
[babe-order-number] includes\class-babe-shortcodes.php:62
[babe-order-admin-notes] includes\class-babe-shortcodes.php:64
[babe-email-button] includes\class-babe-shortcodes.php:66
[babe-email-header-image] includes\class-babe-shortcodes.php:68
[babe-email-body-title] includes\class-babe-shortcodes.php:70
[babe-email-body-content] includes\class-babe-shortcodes.php:72
WordPress Hooks 281
actioninitincludes\class-babe-api.php:20
filterquery_varsincludes\class-babe-api.php:21
actionparse_requestincludes\class-babe-api.php:22
actionadmin_noticesincludes\class-babe-banner-notice.php:25
actionadmin_menuincludes\class-babe-booking-rules-admin.php:21
actionadmin_initincludes\class-babe-booking-rules-admin.php:22
actionadmin_enqueue_scriptsincludes\class-babe-booking-rules-admin.php:23
actioninitincludes\class-babe-calendar-functions.php:55
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:26
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:27
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:28
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:29
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:31
actioncmb2_initincludes\class-babe-cmb2-admin.php:32
actioncmb2_booking_obj_after_select_categoryincludes\class-babe-cmb2-admin.php:33
actioncmb2_booking_obj_before_av_datesincludes\class-babe-cmb2-admin.php:34
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:36
actioncmb2_initincludes\class-babe-cmb2-admin.php:37
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:39
actioncmb2_initincludes\class-babe-cmb2-admin.php:40
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:42
actioncmb2_initincludes\class-babe-cmb2-admin.php:43
actioncmb2_service_before_service_typeincludes\class-babe-cmb2-admin.php:44
actioncmb2_save_fieldincludes\class-babe-cmb2-admin.php:46
filtercmb2_can_saveincludes\class-babe-cmb2-admin.php:47
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:49
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:50
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:51
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:52
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:54
actionwp_insert_postincludes\class-babe-cmb2-admin.php:59
actioncmb2_save_post_fields_booking_obj_metaboxincludes\class-babe-cmb2-admin.php:60
actionwp_after_insert_postincludes\class-babe-cmb2-admin.php:62
actioncmb2_admin_initincludes\class-babe-cmb2-admin.php:64
filtercmb2_render_coupon_usageincludes\class-babe-cmb2-admin.php:65
filtercmb2_render_coupon_numincludes\class-babe-cmb2-admin.php:66
filtercmb2_render_coupon_amountincludes\class-babe-cmb2-admin.php:67
filtercmb2_render_category_disable_datesincludes\class-babe-cmb2-admin.php:68
filtercmb2_render_price_detailsincludes\class-babe-cmb2-admin.php:74
filtercmb2_render_object_codeincludes\class-babe-cmb2-admin.php:75
filtercmb2_render_durationincludes\class-babe-cmb2-admin.php:76
filtercmb2_render_time_shiftincludes\class-babe-cmb2-admin.php:77
filtercmb2_render_scheduleincludes\class-babe-cmb2-admin.php:78
filtercmb2_render_recalculate_ratingincludes\class-babe-cmb2-admin.php:79
filtercmb2_render_service_pricesincludes\class-babe-cmb2-admin.php:81
filtercmb2_sanitize_service_pricesincludes\class-babe-cmb2-admin.php:82
filtercmb2_render_pw_selectincludes\class-babe-cmb2-admin.php:83
filtercmb2_render_pw_multiselectincludes\class-babe-cmb2-admin.php:84
filtercmb2_sanitize_pw_multiselectincludes\class-babe-cmb2-admin.php:85
filtercmb2_render_addressincludes\class-babe-cmb2-admin.php:87
filtercmb2_render_mpoints_selectincludes\class-babe-cmb2-admin.php:88
filtercmb2_render_text_titleincludes\class-babe-cmb2-admin.php:89
filtercmb2_render_tax_children_multicheckincludes\class-babe-cmb2-admin.php:90
filtercmb2_sanitize_tax_children_multicheckincludes\class-babe-cmb2-admin.php:91
filtercmb2_render_tax_radioincludes\class-babe-cmb2-admin.php:93
filtercmb2_sanitize_tax_radioincludes\class-babe-cmb2-admin.php:94
filtercmb2_render_discountincludes\class-babe-cmb2-admin.php:96
filtercmb2_sanitize_discountincludes\class-babe-cmb2-admin.php:97
filtercmb2_render_order_itemsincludes\class-babe-cmb2-admin.php:99
actionadmin_enqueue_scriptsincludes\class-babe-cmb2-admin.php:101
actionwp_enqueue_scriptsincludes\class-babe-cmb2-admin.php:103
actionmtphr_post_duplicator_createdincludes\class-babe-cmb2-admin.php:105
actionbabe_settings_after_email_fieldsincludes\class-babe-coupons-admin.php:24
filterposts_whereincludes\class-babe-coupons-admin.php:30
filterposts_joinincludes\class-babe-coupons-admin.php:31
filterposts_groupbyincludes\class-babe-coupons-admin.php:32
actioninitincludes\class-babe-coupons.php:26
filterwp_insert_post_dataincludes\class-babe-coupons.php:28
actiondelete_postincludes\class-babe-coupons.php:29
actionbabe_order_status_update_before_order_actionsincludes\class-babe-emails.php:13
actionwp_mail_failedincludes\class-babe-emails.php:15
actioninitincludes\class-babe-emails.php:17
actionbabe_created_customerincludes\class-babe-emails.php:29
actionbabe_user_password_resetedincludes\class-babe-emails.php:31
filterwp_mail_content_typeincludes\class-babe-emails.php:993
filterwp_mail_from_nameincludes\class-babe-emails.php:995
filterwp_mail_fromincludes\class-babe-emails.php:997
actioninitincludes\class-babe-functions.php:26
filterthe_contentincludes\class-babe-html.php:30
filterthe_contentincludes\class-babe-html.php:31
filterthe_contentincludes\class-babe-html.php:32
actioninitincludes\class-babe-html.php:34
filterbabe_search_result_descriptionincludes\class-babe-html.php:36
filterbabe_av_calendar_cell_pricefromincludes\class-babe-html.php:37
filterbabe_post_contentincludes\class-babe-html.php:39
filterbabe_post_content_before_tabsincludes\class-babe-html.php:40
filterbabe_post_content_before_tabsincludes\class-babe-html.php:41
filterbabe_post_content_before_tabsincludes\class-babe-html.php:42
filterbabe_post_content_before_tabsincludes\class-babe-html.php:43
filterbabe_post_content_before_tabsincludes\class-babe-html.php:44
filterbabe_post_content_tabsincludes\class-babe-html.php:45
filterbabe_post_content_after_tabsincludes\class-babe-html.php:46
filterbabe_checkout_field_requiredincludes\class-babe-html.php:48
actionwp_enqueue_scriptsincludes\class-babe-html.php:50
filterscript_loader_tagincludes\class-babe-html.php:52
filterbabe_checkout_after_order_itemsincludes\class-babe-html.php:80
filterbabe_order_items_htmlincludes\class-babe-html.php:81
filterbabe_checkout_after_contact_fieldsincludes\class-babe-html.php:84
filterbabe_checkout_after_contact_fieldsincludes\class-babe-html.php:87
actionwp_body_openincludes\class-babe-html.php:89
filterthe_contentincludes\class-babe-html.php:126
actionbabe_settings_after_email_fieldsincludes\class-babe-import-export.php:48
filterimport_startincludes\class-babe-import-export.php:58
filterwp_import_termsincludes\class-babe-import-export.php:59
filterwp_import_post_data_rawincludes\class-babe-import-export.php:60
filterimport_endincludes\class-babe-import-export.php:61
filterwp_import_post_commentsincludes\class-babe-import-export.php:62
actionwp_import_insert_commentincludes\class-babe-import-export.php:63
actionwp_import_postsincludes\class-babe-import-export.php:64
actionexport_wpincludes\class-babe-import-export.php:67
actioninitincludes\class-babe-import-export.php:68
filterhttp_request_host_is_externalincludes\class-babe-import-export.php:1022
filtercron_schedulesincludes\class-babe-install.php:37
actionbabe_remove_draft_ordersincludes\class-babe-install.php:38
actionbabe_expire_couponsincludes\class-babe-install.php:39
actioninitincludes\class-babe-install.php:41
actioninitincludes\class-babe-install.php:42
actioninitincludes\class-babe-install.php:43
actioninitincludes\class-babe-install.php:44
actionafter_setup_themeincludes\class-babe-install.php:45
filterextra_plugin_headersincludes\class-babe-install.php:47
actioninitincludes\class-babe-install.php:56
actionadmin_noticesincludes\class-babe-install.php:59
actiontemplate_redirectincludes\class-babe-my-account.php:57
actioninitincludes\class-babe-my-account.php:59
actioninitincludes\class-babe-my-account.php:68
filterbabe_my_account_contentincludes\class-babe-my-account.php:70
filterbabe_myaccount_page_content_customerincludes\class-babe-my-account.php:72
filterbabe_myaccount_page_content_customerincludes\class-babe-my-account.php:73
filterbabe_myaccount_page_content_customerincludes\class-babe-my-account.php:74
filterbabe_myaccount_page_content_customerincludes\class-babe-my-account.php:75
filterbabe_myaccount_page_content_managerincludes\class-babe-my-account.php:77
filterbabe_myaccount_page_content_managerincludes\class-babe-my-account.php:78
filterbabe_myaccount_page_content_managerincludes\class-babe-my-account.php:79
filterbabe_myaccount_page_content_managerincludes\class-babe-my-account.php:81
filterbabe_myaccount_page_content_managerincludes\class-babe-my-account.php:83
filterbabe_myaccount_page_content_managerincludes\class-babe-my-account.php:85
actiontemplate_redirectincludes\class-babe-my-account.php:87
actiontemplate_redirectincludes\class-babe-my-account.php:89
filterbabe_login_form_messageincludes\class-babe-my-account.php:91
actiontemplate_redirectincludes\class-babe-my-account.php:93
actiontemplate_redirectincludes\class-babe-my-account.php:95
actionwp_logoutincludes\class-babe-my-account.php:97
actionwp_login_failedincludes\class-babe-my-account.php:98
filterwp_login_errorsincludes\class-babe-my-account.php:99
filterposts_whereincludes\class-babe-order-admin.php:23
filterposts_joinincludes\class-babe-order-admin.php:24
filterposts_groupbyincludes\class-babe-order-admin.php:25
filterposts_orderbyincludes\class-babe-order-admin.php:26
actionpre_get_postsincludes\class-babe-order-admin.php:27
actionrestrict_manage_postsincludes\class-babe-order-admin.php:29
actionadmin_enqueue_scriptsincludes\class-babe-order-admin.php:31
filterbabe_order_status_update_status_routerincludes\class-babe-order-admin.php:127
actioninitincludes\class-babe-order.php:45
filterwp_insert_post_dataincludes\class-babe-order.php:47
actionwp_insert_postincludes\class-babe-order.php:48
actionupdate_post_metaincludes\class-babe-order.php:50
filterupdate_post_metadataincludes\class-babe-order.php:51
actiontemplate_redirectincludes\class-babe-order.php:53
actiontemplate_redirectincludes\class-babe-order.php:54
actiontemplate_redirectincludes\class-babe-order.php:55
actiontemplate_redirectincludes\class-babe-order.php:57
filterbabe_admin_confirmation_contentincludes\class-babe-order.php:58
actiontemplate_redirectincludes\class-babe-order.php:60
filterbabe_customer_confirmation_contentincludes\class-babe-order.php:61
actionwp_trash_postincludes\class-babe-order.php:63
actionbefore_delete_postincludes\class-babe-order.php:65
filterbabe_services_contentincludes\class-babe-order.php:67
filterbabe_checkout_contentincludes\class-babe-order.php:68
filterbabe_confirmation_contentincludes\class-babe-order.php:69
actionbabe_payments_before_do_complete_orderincludes\class-babe-order.php:74
filterbabe_get_active_payment_methodsincludes\class-babe-order.php:76
actionbabe_checkout_payment_gateway_selectedincludes\class-babe-order.php:78
actioninitincludes\class-babe-pay-cash.php:37
actionbabe_init_payment_methodsincludes\class-babe-pay-cash.php:43
actionbabe_init_payment_methodsincludes\class-babe-pay-coupon.php:31
actioninitincludes\class-babe-payments.php:38
filterquery_varsincludes\class-babe-payments.php:40
actioninitincludes\class-babe-payments.php:42
actioninitincludes\class-babe-payments.php:43
actiontemplate_redirectincludes\class-babe-payments.php:45
filterbabe_get_active_payment_methodsincludes\class-babe-payments.php:76
filterbabe_checkout_form_element_amount_groupincludes\class-babe-payments.php:78
filterbabe_get_active_payment_methodsincludes\class-babe-payments.php:86
actioninitincludes\class-babe-post-types.php:83
actioninitincludes\class-babe-post-types.php:85
actioninitincludes\class-babe-post-types.php:86
actionbefore_delete_postincludes\class-babe-post-types.php:91
actionpre_get_postsincludes\class-babe-post-types.php:93
actiondo_meta_boxesincludes\class-babe-posts-admin.php:20
actionadmin_enqueue_scriptsincludes\class-babe-prices.php:33
actionwp_enqueue_scriptsincludes\class-babe-prices.php:34
filtercomment_form_field_commentincludes\class-babe-rating.php:24
actionedit_commentincludes\class-babe-rating.php:25
actioncomment_postincludes\class-babe-rating.php:26
actiontransition_comment_statusincludes\class-babe-rating.php:27
filtercomments_openincludes\class-babe-rating.php:28
filterget_comment_textincludes\class-babe-rating.php:30
filterwp_comment_replyincludes\class-babe-rating.php:35
actionadd_meta_boxes_commentincludes\class-babe-rating.php:36
filterpre_user_idincludes\class-babe-rating.php:579
actionadmin_menuincludes\class-babe-search-form-admin.php:23
actionadmin_enqueue_scriptsincludes\class-babe-search-form-admin.php:25
actioninitincludes\class-babe-search-form.php:49
actionadmin_menuincludes\class-babe-settings-admin.php:19
actionadmin_initincludes\class-babe-settings-admin.php:20
actionadmin_initincludes\class-babe-settings-admin.php:21
actionbabe_settings_standard_emailsincludes\class-babe-settings-admin.php:23
actionadmin_enqueue_scriptsincludes\class-babe-settings-admin.php:26
filteradmin_footer_textincludes\class-babe-settings-admin.php:61
actioninitincludes\class-babe-settings.php:54
actioninitincludes\class-babe-settings.php:56
actioninitincludes\class-babe-settings.php:58
actionpre_get_postsincludes\class-babe-settings.php:72
filterajax_query_attachments_argsincludes\class-babe-settings.php:73
filteruser_has_capincludes\class-babe-users.php:26
filtereditable_rolesincludes\class-babe-users.php:27
filtermap_meta_capincludes\class-babe-users.php:28
filtershow_admin_barincludes\class-babe-users.php:29
actiondeleted_userincludes\class-babe-users.php:30
filterwp_dropdown_users_argsincludes\class-babe-users.php:32
filterrest_user_queryincludes\class-babe-users.php:33
actioncmb2_admin_initincludes\plugins\cmb2\example-functions.php:105
actioncmb2_admin_initincludes\plugins\cmb2\example-functions.php:470
actioncmb2_admin_initincludes\plugins\cmb2\example-functions.php:500
actioncmb2_admin_initincludes\plugins\cmb2\example-functions.php:564
actioncmb2_admin_initincludes\plugins\cmb2\example-functions.php:633
actioncmb2_admin_initincludes\plugins\cmb2\example-functions.php:674
actioncmb2_initincludes\plugins\cmb2\example-functions.php:777
filterwp_prepare_attachment_for_jsincludes\plugins\cmb2\includes\CMB2.php:1558
actionadmin_enqueue_scriptsincludes\plugins\cmb2\includes\CMB2.php:1576
actioncmb2_save_options-page_fieldsincludes\plugins\cmb2\includes\CMB2_Ajax.php:54
filterget_post_metadataincludes\plugins\cmb2\includes\CMB2_Ajax.php:147
filterupdate_post_metadataincludes\plugins\cmb2\includes\CMB2_Ajax.php:150
filtercmb2_show_onincludes\plugins\cmb2\includes\CMB2_Hookup.php:79
actionedit_form_topincludes\plugins\cmb2\includes\CMB2_Hookup.php:115
actionedit_form_before_permalinkincludes\plugins\cmb2\includes\CMB2_Hookup.php:119
actionedit_form_after_titleincludes\plugins\cmb2\includes\CMB2_Hookup.php:123
actionedit_form_after_editorincludes\plugins\cmb2\includes\CMB2_Hookup.php:127
actionadd_meta_boxesincludes\plugins\cmb2\includes\CMB2_Hookup.php:131
actionadd_meta_boxesincludes\plugins\cmb2\includes\CMB2_Hookup.php:134
actionadd_attachmentincludes\plugins\cmb2\includes\CMB2_Hookup.php:135
actionedit_attachmentincludes\plugins\cmb2\includes\CMB2_Hookup.php:136
actionsave_postincludes\plugins\cmb2\includes\CMB2_Hookup.php:137
actionpre_get_postsincludes\plugins\cmb2\includes\CMB2_Hookup.php:144
actionadd_meta_boxes_commentincludes\plugins\cmb2\includes\CMB2_Hookup.php:152
actionedit_commentincludes\plugins\cmb2\includes\CMB2_Hookup.php:153
filtermanage_edit-comments_columnsincludes\plugins\cmb2\includes\CMB2_Hookup.php:156
actionmanage_comments_custom_columnincludes\plugins\cmb2\includes\CMB2_Hookup.php:157
filtermanage_edit-comments_sortable_columnsincludes\plugins\cmb2\includes\CMB2_Hookup.php:158
actionpre_get_postsincludes\plugins\cmb2\includes\CMB2_Hookup.php:159
actionshow_user_profileincludes\plugins\cmb2\includes\CMB2_Hookup.php:168
actionedit_user_profileincludes\plugins\cmb2\includes\CMB2_Hookup.php:169
actionuser_new_formincludes\plugins\cmb2\includes\CMB2_Hookup.php:170
actionpersonal_options_updateincludes\plugins\cmb2\includes\CMB2_Hookup.php:172
actionedit_user_profile_updateincludes\plugins\cmb2\includes\CMB2_Hookup.php:173
actionuser_registerincludes\plugins\cmb2\includes\CMB2_Hookup.php:174
filtermanage_users_columnsincludes\plugins\cmb2\includes\CMB2_Hookup.php:177
filtermanage_users_custom_columnincludes\plugins\cmb2\includes\CMB2_Hookup.php:178
filtermanage_users_sortable_columnsincludes\plugins\cmb2\includes\CMB2_Hookup.php:179
actionpre_get_postsincludes\plugins\cmb2\includes\CMB2_Hookup.php:180
actionpre_get_postsincludes\plugins\cmb2\includes\CMB2_Hookup.php:226
actioncreated_termincludes\plugins\cmb2\includes\CMB2_Hookup.php:230
actionedited_termsincludes\plugins\cmb2\includes\CMB2_Hookup.php:231
actiondelete_termincludes\plugins\cmb2\includes\CMB2_Hookup.php:232
actioncmb2_do_oembedincludes\plugins\cmb2\includes\helper-functions.php:131
filteris_protected_metaincludes\plugins\cmb2\includes\rest-api\CMB2_REST.php:144
actioninitincludes\plugins\cmb2\init.php:131
actionadmin_initincludes\plugins\cmb2-conditionals\cmb2-conditionals.php:93
actioninitincludes\plugins\cmb2-conditionals\cmb2-conditionals.php:94
actionadmin_footerincludes\plugins\cmb2-conditionals\cmb2-conditionals.php:96
actionwp_enqueue_scriptsincludes\plugins\cmb2-conditionals\cmb2-conditionals.php:97
actionplugins_loadedincludes\plugins\cmb2-conditionals\cmb2-conditionals.php:281
actioncmb2_initincludes\plugins\cmb2-conditionals\example-functions.php:28
actionelementor/initincludes\vendors\elementor\init.php:11
actionelementor/widgets/registerincludes\vendors\elementor\init.php:46
actionwidgets_initincludes\widgets\class-babe-booking-form.php:75
actionwidgets_initincludes\widgets\class-babe-search-filter-price.php:92
actionwidgets_initincludes\widgets\class-babe-search-filter-reset-button.php:6
actionwidgets_initincludes\widgets\class-babe-search-filter-terms.php:104
actionwidgets_initincludes\widgets\class-babe-search-form.php:62

Scheduled Events 2

babe_remove_draft_orders
babe_expire_coupons
Maintenance & Trust

BA Book Everything Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 5, 2026
PHP min version8.1
Downloads365K

Community Trust

Rating84/100
Number of ratings20
Active installs10K
Alternatives

BA Book Everything Alternatives

indexic aReservation

indexic aReservation

indexic-areservation

A
85

Easily integrate Indexic's aReservation Tour Booking and Rental Reservation Software into your WordPress website. You can add booking buttons wi &hellip;

60 No CVEs
VikRentCar Car Rental Management System

VikRentCar Car Rental Management System

vikrentcar

B
82

Robust Car Rental Management System for any kind of vechicles. The most reliable booking solution for managing vehicles rentals through your website.

4K 9 CVEs
Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin

Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin

tourfic

A
93

Hotel, Travel, Car Rental & Tour Booking WordPress plugin. Build a website like Agoda, Booking.com, Airbnb, Enterprise, Avis with WooCommerce

2K 8 CVEs
Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment

Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment

booking-and-rental-manager-for-woocommerce

A
88

Woocommerce Rental and Booking Manager for Bike, Car, Resort, Appointment and Equipment. Simplify your reservation system for a memorable journey!

1K 12 CVEs
Booqable Rental Plugin

Booqable Rental Plugin

booqable-rental-reservations

B
77

Booqable - WordPress Rental Plugin

1K 1 unpatched
Developer Profile

BA Book Everything Developer Profile

bookingalgorithms

1 plugin · 10K total installs

69
trust score
Avg Security Score
86/100
Avg Patch Time
142 days
View full developer profile
Detection Fingerprints

How We Detect BA Book Everything

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ba-book-everything/assets/css/slick.css/wp-content/plugins/ba-book-everything/assets/css/style.css/wp-content/plugins/ba-book-everything/assets/css/responsive.css/wp-content/plugins/ba-book-everything/assets/css/bootstrap.min.css/wp-content/plugins/ba-book-everything/assets/css/bootstrap-datepicker.css/wp-content/plugins/ba-book-everything/assets/css/animate.css/wp-content/plugins/ba-book-everything/assets/css/ba-booking.min.css/wp-content/plugins/ba-book-everything/assets/css/ba-booking-admin.css+33 more
Script Paths
/wp-content/plugins/ba-book-everything/assets/js/slick.min.js/wp-content/plugins/ba-book-everything/assets/js/bootstrap.min.js/wp-content/plugins/ba-book-everything/assets/js/bootstrap-datepicker.min.js/wp-content/plugins/ba-book-everything/assets/js/moment.min.js/wp-content/plugins/ba-book-everything/assets/js/jquery.mask.min.js/wp-content/plugins/ba-book-everything/assets/js/jquery.cookie.js+22 more
Version Parameters
ba-book-everything/assets/css/slick.css?ver=ba-book-everything/assets/css/style.css?ver=ba-book-everything/assets/css/responsive.css?ver=ba-book-everything/assets/css/bootstrap.min.css?ver=ba-book-everything/assets/css/bootstrap-datepicker.css?ver=ba-book-everything/assets/css/animate.css?ver=ba-book-everything/assets/css/ba-booking.min.css?ver=ba-book-everything/assets/css/ba-booking-admin.css?ver=ba-book-everything/assets/css/ba-booking-admin-responsive.css?ver=ba-book-everything/assets/css/font-awesome.min.css?ver=ba-book-everything/assets/css/elementor-addon.css?ver=ba-book-everything/assets/js/slick.min.js?ver=ba-book-everything/assets/js/bootstrap.min.js?ver=ba-book-everything/assets/js/bootstrap-datepicker.min.js?ver=ba-book-everything/assets/js/moment.min.js?ver=ba-book-everything/assets/js/jquery.mask.min.js?ver=ba-book-everything/assets/js/jquery.cookie.js?ver=ba-book-everything/assets/js/jquery.blockUI.js?ver=ba-book-everything/assets/js/ba-booking.min.js?ver=ba-book-everything/assets/js/ba-booking-admin.min.js?ver=ba-book-everything/assets/js/vendors/chart.js/Chart.min.js?ver=ba-book-everything/assets/js/vendors/daterangepicker/daterangepicker.min.js?ver=ba-book-everything/assets/js/vendors/echarts/echarts.min.js?ver=ba-book-everything/assets/js/vendors/fullcalendar/main.min.js?ver=ba-book-everything/assets/js/vendors/mapael/jquery.mapael.min.js?ver=ba-book-everything/assets/js/vendors/mapael/maps/usa_states.js?ver=ba-book-everything/assets/js/vendors/jqvmap/jquery.vmap.min.js?ver=ba-book-everything/assets/js/vendors/jqvmap/maps/jquery.vmap.world.js?ver=ba-book-everything/assets/js/vendors/summernote/summernote-bs4.min.js?ver=ba-book-everything/assets/js/vendors/sweetalert2/sweetalert2.min.js?ver=ba-book-everything/assets/js/vendors/toastr/toastr.min.js?ver=ba-book-everything/assets/js/vendors/quill/quill.min.js?ver=ba-book-everything/assets/js/vendors/select2/select2.full.min.js?ver=ba-book-everything/assets/js/vendors/bootstrap-wizard/jquery.bootstrap.wizard.min.js?ver=ba-book-everything/assets/js/vendors/sparklines/jquery.sparkline.min.js?ver=ba-book-everything/assets/js/vendors/dropzone/dropzone.min.js?ver=ba-book-everything/assets/js/vendors/jquery-ui/jquery-ui.min.js?ver=ba-book-everything/assets/js/vendors/images-loaded/images-loaded.min.js?ver=ba-book-everything/assets/js/vendors/jquery-ui-touch-punch/jquery-ui.touch-punch.js?ver=

HTML / DOM Fingerprints

CSS Classes
babe-bookingbabe-booking-widgetbabe-search-formbabe-single-bookingbabe-booking-detailsbabe-booking-calendarbabe-booking-modalbabe-booking-tabs+12 more
HTML Comments
<!-- BABE Booking Engine --><!-- BABE Booking Form --><!-- BABE Search Form --><!-- BABE Booking Details -->+16 more
Data Attributes
data-babe-booking-iddata-babe-booking-datedata-babe-booking-pricedata-babe-booking-actiondata-babe-booking-typedata-babe-booking-slug+36 more
JS Globals
BabeBookingbabe_booking_paramsbabe_booking_admin_paramsBabeBookingCalendarBabeBookingFormBabeBookingSearchForm+2 more
REST Endpoints
/wp-json/babe/v1/bookings/wp-json/babe/v1/search
Shortcode Output
[babe_booking][babe_search_form][babe_booking_details][babe_booking_calendar]
FAQ

Frequently Asked Questions about BA Book Everything